<?php
/**
 * @author Bach Vu (lebachvu@gmail.com)
 * @copyright 2012
 */
include "../include/config.php";

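#check session
# Admin-only handler: creates (no id) or updates (id > 0) a row in `products` from the
# posted form and stores the optional uploaded picture, then returns to product.php.
# NOTE(review): $DB, $IMG_PATH and the session are not set up in this file; presumably
# ../include/config.php provides them and starts the session - confirm.
# NOTE(review): no anti-CSRF token is checked although this request changes data with
# administrator rights; add a token check once the form can supply one.
if (isset($_SESSION["Login"]["id"], $_SESSION["Login"]["group_id"]) && $_SESSION["Login"]["group_id"] == 1)
{
################################################################################################################
## Start check session
################################################################################################################

	$messages = array();                   # alert texts shown before going back to product.php
	$userId   = $_SESSION["Login"]["id"];  # editor recorded in the audit columns

	# Posted form fields; a missing field becomes "" instead of raising an undefined-index notice.
	$name         = isset($_POST["name"])         ? $_POST["name"]         : "";
	$price        = isset($_POST["price"])        ? $_POST["price"]        : "";
	$special      = isset($_POST["special"])      ? $_POST["special"]      : "";
	$selloff      = isset($_POST["selloff"])      ? $_POST["selloff"]      : "";
	$publish_date = isset($_POST["publish_date"]) ? $_POST["publish_date"] : "";
	$synopsis     = isset($_POST["scontent"])     ? $_POST["scontent"]     : "";
	$author       = isset($_POST["author"])       ? $_POST["author"]       : "";
	$content      = isset($_POST["lcontent"])     ? $_POST["lcontent"]     : "";
	$hits         = isset($_POST["hits"])         ? $_POST["hits"]         : "";
	$order        = isset($_POST["order"])        ? $_POST["order"]        : "";
	$cat_id       = isset($_POST["cat_id"])       ? $_POST["cat_id"]       : "";

	#status = 0 --> enable product
	#status = 1 --> disable product
	#echo ($_POST["status"])? 0 : 1;

	# The id is only ever compared numerically and used as a row key, so force it to an
	# integer before it reaches the WHERE clause.
	$id = isset($_POST["id"]) ? (int) $_POST["id"] : 0;

	# NOTE(review): SQL injection - the remaining posted values are still placed into the
	# statement text verbatim. The API of $DB is not visible from this file, so they cannot
	# be bound here; pass them through $DB's parameter binding or the driver's escaping
	# routine. Only $id (integer cast) and $picture (rebuilt below from [A-Za-z0-9_-] plus
	# an allowlisted extension) are safe to interpolate.

	# Uploaded picture. The client-supplied name is untrusted: keep its last path component,
	# accept only allowlisted image extensions, and rebuild the stem without dots so that a
	# name such as "x.php.jpg" cannot keep a script extension in a directory that is
	# presumably served by the web server. getimagesize() additionally rejects content that
	# is not an image.
	$allowedExt = array("jpg", "jpeg", "png", "gif");
	$picture    = "";      # file name stored in the row; "" when no picture was sent
	$pictureTmp = "";      # temporary upload path; "" when there is nothing to move
	$uploadBad  = false;   # a file was sent but failed validation

	if (isset($_FILES["picture"]["error"]) && $_FILES["picture"]["error"] !== UPLOAD_ERR_NO_FILE)
	{
		$upload     = $_FILES["picture"];
		$clientName = is_string($upload["name"]) ? basename($upload["name"]) : "";
		$ext        = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
		$stem       = trim(preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($clientName, PATHINFO_FILENAME)), '_');

		if ($upload["error"] === UPLOAD_ERR_OK
			&& in_array($ext, $allowedExt, true)
			&& is_uploaded_file($upload["tmp_name"])
			&& getimagesize($upload["tmp_name"]) !== false)
		{
			$picture    = ($stem !== "" ? $stem : "picture") . "." . $ext;
			$pictureTmp = $upload["tmp_name"];
		}
		else
			$uploadBad = true;
	}

	if ($uploadBad)
	{
		# Refuse the whole request rather than writing a row that points at a rejected file.
		$messages[] = "There was an error uploading the file, please try again!";
	}
	elseif ($name && $content)
	{
		if ($id > 0)
		{
			# NOTE(review): as before, an update without a new upload overwrites `picture`
			# with an empty string - confirm that clearing the picture is intended.
			#`status` = '$status',
			$query = "
	UPDATE `products`
	SET 
	  `name` = '$name',
	  `picture` = '$picture',
	  `price` = '$price',
	  `special` = '$special',
	  `selloff` = '$selloff',
	  `publish_date` = '$publish_date',
	  `synopsis` = '$synopsis',
	  `author` = '$author',
	  `content` = '$content',
	  `hits` = '$hits',	  
	  `modified` = NOW(),
	  `modified_by` = '$userId',
	  `order` = '$order',	  
	  `cat_id` = '$cat_id'
	WHERE `id` = '$id';
	";

			if ($DB->Update($query))
			{
				#"../files/products/"
				if ($pictureTmp !== "")
				{
					if (move_uploaded_file($pictureTmp, $IMG_PATH . $picture))
						$messages[] = "The file ". $picture ." has been uploaded";
					else
						$messages[] = "There was an error uploading the file, please try again!";
				}
				$messages[] = "Updated data sucessful!";
			}
			else
				$messages[] = "Invalid update data!";
		}
		else
		{
			# NOTE(review): this statement needs the table schema to be repaired and is kept
			# structurally as written:
			#  - the column list holds NOW() and a quoted value where four column names belong
			#  - 'NOW()' is a quoted string in the `publish_date` position, so $publish_date
			#    is never stored
			#  - $status is never assigned in this file
			# The user id was read from $Session, which is not the $_SESSION superglobal used
			# by the UPDATE branch; it now comes from $_SESSION in both branches.
			$query = "
	INSERT INTO `products`
				(`name`,
				 `picture`,
				 `price`,
				 `special`,
				 `selloff`,
				 `publish_date`,
				 `synopsis`,
				 `author`,
				 `content`,
				 `hits`,
				 NOW(),
				 '$userId',
				 NOW(),
				 '$userId',
				 `order`,
				 `status`,
				 `cat_id`)
	VALUES ('$name',
			'$picture',
			'$price',
			'$special',
			'$selloff',
			'NOW()',
			'$synopsis',
			'$author',
			'$content',
			'$hits',
			NOW(),
			'$userId',
			NOW(),
			'$userId',
			'$order',
			'$status',
			'$cat_id');
	";

			if ($DB->Insert($query))
			{
				# NOTE(review): this branch writes to a hard-coded directory while the update
				# branch uses $IMG_PATH - confirm both point at the same place.
				if ($pictureTmp !== "")
					move_uploaded_file($pictureTmp, "../files/products/". $picture);
				$messages[] = "Insert data sucessful!";
			}
			else
				$messages[] = "Invalid insert data!";
		}
	}

	if ($messages)
	{
		# header() cannot follow output unless output buffering happens to be on, so when
		# there is something to show the page redirects itself after the alerts.
		# json_encode with the HEX flags keeps the text inert inside the <script> element.
		foreach ($messages as $text)
			echo "<script>alert(", json_encode($text, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT), ");</script>";
		echo "<meta http-equiv='Refresh' content='0; URL=product.php'>";
	}
	else
		header("Location: product.php");
	exit();

################################################################################################################
## End check session
################################################################################################################
} 
else
{
	# Not an authenticated administrator: send the visitor to the login page and stop.
	header("Location: index.php");
	exit();
}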
?>